The XTMEM Stealer is a newly identified infostealer. Its creators have not yet begun promoting the tool on cybercriminal forums, which suggests either that the project is still in development or that its authors intend to be the only ones operating it.
After studying the XTMEM Stealer, malware experts have found that it is not a very advanced piece of malware. On the contrary, it looks like a basic infostealer whose code is riddled with bugs and errors, which makes it clear that its authors are not very experienced in the field of cybercrime. The XTMEM Stealer uses the SMTP protocol to exfiltrate data from the breached host, meaning the attackers receive the stolen data by email rather than through a dedicated command-and-control channel. However, the creators hard-coded their own email addresses, together with the corresponding passwords, in plaintext. Cybersecurity researchers who study the threat can therefore easily obtain the attackers' login credentials, which is a rookie mistake.
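Because the stealer sends stolen data out over SMTP, an endpoint-side check for mail-port connections from processes that are not mail clients is a simple way to catch it. The following is an added detection example, not code from the article or from the stealer itself; the Sysmon-style log fields, the mail-client allowlist and the log lines are all constructed assumptions.

```python
"""Flag outbound SMTP connections from processes that are not known mail clients.

Added example: detection logic for the SMTP-based exfiltration described above.
The log format (assumed Sysmon Event ID 3 style key=value fields), the allowlist
and the sample lines are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Submission (587), implicit TLS (465) and plain SMTP (25).
SMTP_PORTS = {25, 465, 587}
# Assumed allowlist of legitimate mail clients; tune to the environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

LINE_RE = re.compile(
    r"Image=(?P<image>\S+)\s+DestinationIp=(?P<ip>\S+)\s+DestinationPort=(?P<port>\d+)"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Extract image path, destination IP and port from one log line."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def find_suspicious_smtp(lines: List[str]) -> List[Dict[str, str]]:
    """Return records where a non-mail-client process talks to an SMTP port.

    Matching on the process rather than the payload also works when the
    stealer uses TLS on 465/587, where content inspection would see nothing.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        proc = rec["image"].rsplit("\\", 1)[-1].lower()
        if int(rec["port"]) in SMTP_PORTS and proc not in MAIL_CLIENTS:
            hits.append({"image": rec["image"], "ip": rec["ip"], "port": rec["port"]})
    return hits


# Constructed sample log: one legitimate mail client, one suspicious binary
# dropped in Downloads, one unrelated HTTPS connection.
SAMPLE_LOG = [
    "Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE DestinationIp=52.96.0.1 DestinationPort=587",
    "Image=C:\\Users\\bob\\Downloads\\roblox_cheat.exe DestinationIp=203.0.113.10 DestinationPort=587",
    "Image=C:\\Windows\\System32\\svchost.exe DestinationIp=203.0.113.20 DestinationPort=443",
]

if __name__ == "__main__":
    for hit in find_suspicious_smtp(SAMPLE_LOG):
        print(f"suspicious SMTP: {hit['image']} -> {hit['ip']}:{hit['port']}")
```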
The XTMEM Stealer targets data stored in popular Web browsers such as Google Chrome, Mozilla Firefox, Yandex and Opera. More advanced infostealing projects usually also go after higher-value data such as cryptocurrency wallets and sessions from instant messaging applications. The XTMEM Stealer appears to be distributed via a cheat for the Roblox video game.
Users are advised to stay away from video game cheats, pirated software and games, and other shady content online.